Why using digital forensics in cyber claims investigations is the way forward
In the rapidly evolving realm of cyber insurance claims, there’s a growing demand from insurers to forge partnerships with forensics experts, Anthony Hess, co-founder of Asceris, tells Intelligent Insurer.
With a focus on handling cyber attack investigations and supporting insurers with claims, Asceris provides the insurance industry with cyber insurance services including digital forensics, incident response and data breach review.
Hess has more than 30 years’ experience in IT, with 15 years in cybersecurity, and 10 years in the cyber insurance market, explaining that he has always “had a knack for technology”.
Starting out in 2020 as a two-man “bootstrapped” company, Asceris first focused on business email compromise “which we felt was underserved in the UK”—where the co-founders live. “We’ve since expanded in terms of services, adding ransomware and data breach review, and in terms of geographies, and we plan to continue to do so in alignment with our insurance and legal partners.”
The company has grown significantly and today has a presence in the US, Canada and Germany. Hess’s passion for cyber insurance clear, and the CEO makes time to host insightful podcasts interviewing leaders across the industry. In a recent podcast, for example, he talks to Stu Panensky, founding partner of Pierson Ferdinand, about how to save your business in a crisis.
“I find cyber insurance a fascinating way of dealing with cyber risk. Sometimes it’s a fusion between the insurance and third party services, or it can be just the services or maybe just the insurance.”
Using digital forensics in cyber claims
Faced with evolving cyber threats, insurers must embrace innovative approaches to mitigating risks, and partnering with expert third-party suppliers is one solution.
Asceris works in different ways with insurers in the event of a cyber claim. As Hess explains: “It depends on the claims model the insurer is using. Sometimes we are assessed and put on to an approved list and the law firms drive the process; at other times the insurer takes a more hands-on role.
“There has been a lot of evolution in terms of the claims models. We see many law firm-driven models because of the legal and regulatory implications of what’s happening—law firms appoint different cyber vendors to assist in different components of the incident, and we’re focused on the digital forensics and incident response.
“Another model is where there’s very hands-on management of the claim from the insurer, which will appoint the law firm which will then appoint a digital forensics firm, and then monitor closely what happens.”
Hess adds a third scenario in which the insurer provides some or all of the digital forensics itself. “The internal incident response team gets the first option to look at the claim, and if they can’t handle it for whatever reason, it’ll be handed to us,” he explains.
Working closely with insurers
Hess has many examples showing how Asceris has helped companies get back up and running. “For example, during a state-sponsored attack on a company’s email system, when the attackers bypassed multi-factor authentication and compromised an administrative account in a way we hadn’t seen previously, their intent was not to steal money, but to steal very sensitive data out of the emails,” he recalls.
“We were able to help the company figure out what happened on a very technically sophisticated case, and help them lock down the system so it couldn’t happen again.
“In terms of data-mining incidents, using a third party such as Asceris can save a huge cost as we have access to a variety of specialised automated tools,” Hess continues.
“We were presented with a case where the competitor’s quote was well over one million pounds, and we were able to complete the work for under £100,000.”
But it’s not just about the potential to save money. Companies such as Asceris also provide hands-on expertise and experience.
Ransomware cases are now the most challenging type of incident due to the sophistication of the attacks and the difficulty in detecting and responding to them, especially if on-site recovery is required.
“These threat actors are putting a lot of effort into their attacks,” Hess explains. “We had a case recently in the US that started as a standard negotiation investigation, but the company was really struggling to get back up and running.
“We let them work directly with one of our partner recovery firms because their IT supplier didn’t have a lot of extra bandwidth. These service providers are often pressured to be very efficient so they tend not to have a lot of people who can show up and help. We were able to send on-site support to get them back up and running, which we did.”
Preparing for future risk
There are many challenges facing cyber risk insurance, including low global penetration rates and trying to stay ahead of emerging threats, although Hess is clear about the increasing relevance of—and need for—digital forensics in accurately assessing cyber risks and facilitating effective incident response. Hess is also a big advocate for the automation of certain tasks to speed up processes.
“My dream is to get to the point where data breach review is no longer a manual process.” Anthony Hess, Asceris
“We’re very good at finding different ways to use technology to reduce financial impact while still being accurate,” he says. “The automation of data breach reviews is something that can be tremendously valuable to insurers and the whole industry. My dream is to get to the point where data breach review is no longer a manual process; we feed in the datasets and the computer tells us who needs to be notified. I see the advancement of artificial intelligence (AI) making a big difference in this area.”
The evolution of cyber attacks accentuates the importance of continuous adaptation and investment in cutting-edge solutions, such as AI tools or leaning on expert third parties, to keep up with threat actors and safeguard against emerging threats.
By harnessing advanced technologies and forging strategic partnerships with companies such as Asceris, insurers can bolster their capabilities in detecting, responding to, and recovering from cyber incidents.
Did you get value from this story? Sign up to our free daily newsletters and get stories like this sent straight to your inbox.
